Peer-To-Peer Offline Access Mode

1. A system comprising: a first client device comprising a processor and a memory; and machine-readable instructions stored in the memory that, when executed by the processor, cause the first client device to at least: detect that the first client device of a user is in an offline state, wherein the first client device is not currently communicatively coupled to a management server, wherein the first client device is enrolled with a management service hosted by the management server; detect that a second client device of the user is in an online state, wherein the second client device is currently communicatively coupled to the management server, wherein the second client device is enrolled with the management service hosted by the management server; launch a peer-to-peer communication channel between the first client device and the second client device of the user; transmit a peer-to-peer offline access mode request over the peer-to-peer communication channel for the first client device to be given access to an enterprise resource that is being managed by the management server, wherein the request includes instructions for the second client device to forward the request to the management server, wherein the request further includes enterprise resource identification and verification data showing that the first client device is in compliance with a compliance policy of the management service; and receive a special access token over the peer-to-peer communication channel, wherein the special access token is provided by the management server and enables the first client device access to the enterprise resource.

2. The system of claim 1, wherein the verification data comprises heartbeat information for the first client device and interrogation information.

3. The method of claim 2, wherein the verification data includes a time-based session token.

4. The system of claim 1, wherein the compliance policy comprises a rule requiring that the first client device needs to be communicatively coupled to the management service before access can be granted to the enterprise resource.

5. The system of claim 1, wherein the machine-readable instructions further cause the first client device to encrypt a payload of the peer-to-peer offline access mode request with a private key of the first client device.

6. The system of claim 1, wherein the special access token is time-limited and is set to expire after a defined time period.

7. The system of claim 1, wherein the enterprise resource comprises a data file stored in a data store remote from the first client application, a client application of the first client device, or a client application of the second client device.

8. A method, comprising: detecting, by a first client device, that the first client device of a user is in an offline state, wherein the first client device is not currently communicatively coupled to a management server, wherein the first client device is enrolled with a management service hosted by the management server; detecting, by the first client device, that a second client device of the user is in an online state, wherein the second client device is currently communicatively coupled to the management server, wherein the second client device is enrolled with the management service hosted by the management server; launching, by the first client device, a peer-to-peer communication channel between the first client device and the second client device of the user; transmitting, by the first client device, a peer-to-peer offline access mode request over the peer-to-peer communication channel for the first client device to be given access to an enterprise resource that is being managed by the management server, wherein the request includes instructions for the second client device to forward the request to the management server, wherein the request further includes enterprise resource identification and verification data showing that the first client device is in compliance with a compliance policy of the management service; and receiving, by the first client device, a special access token over the peer-to-peer communication channel, wherein the special access token is provided by the management server and enables the first client device access to the enterprise resource; and accessing, by the first client device, the enterprise resource using the special access token.

9. The method of claim 8, wherein the verification data comprises heartbeat information for the first client device, and interrogation information.

10. The method of claim 9, wherein the verification data includes a time-based session token.

11. The method of claim 8, wherein the compliance policy comprises a rule requiring that the first client device needs to be communicatively coupled to the management service before access can be granted to the enterprise resource.

12. The method of claim 8, further comprising encrypting a payload of the peer-to-peer offline access mode request with a private key of the first client device.

13. The method of claim 8, wherein the special access token is time-limited and is set to expire after a defined time period.

14. The method of claim 8, wherein the enterprise resource comprises a data file stored in a data store remote from the first client application, a client application of the first client device, or a client application of the second client device.

15. A non-transitory, computer-readable medium, comprising machine-readable instructions that, when executed by a processor of a first client device, cause the first client device to at least: detect that the first client device of a user is in an offline state, wherein the first client device is not currently communicatively coupled to a management server, wherein the first client device is enrolled with a management service hosted by the management server; detect that a second client device of the user is in an online state, wherein the second client device is currently communicatively coupled to the management server, wherein the second client device is enrolled with the management service hosted by the management server; launch a peer-to-peer communication channel between the first client device and the second client device of the user; transmit a peer-to-peer offline access mode request over the peer-to-peer communication channel for the first client device to be given access to an enterprise resource that is being managed by the management server, wherein the request includes instructions for the second client device to forward the request to the management server, wherein the request further includes enterprise resource identification and verification data showing that the first client device is in compliance with a compliance policy of the management service; and receive a special access token over the peer-to-peer communication channel, wherein the special access token is provided by the management server and enables the first client device access to the enterprise resource.

16. The non-transitory, computer-readable medium of claim 15, wherein the verification data comprises heartbeat information for the first client device, and interrogation information.

17. The non-transitory, computer-readable medium of claim 16, wherein the verification data includes a time-based session token.

18. The non-transitory, computer-readable medium of claim 15, wherein the compliance policy comprises a rule requiring that the first client device needs to be communicatively coupled to the management service before access can be granted to the enterprise resource.

19. The non-transitory, computer-readable medium of claim 15, wherein the machine-readable instructions further cause the first client device to encrypt a payload of the peer-to-peer offline access mode request with a private key of the first client device.

20. The non-transitory, computer-readable medium of claim 15, wherein the special access token is time-limited and is set to expire after a defined time period.